signzy

API Marketplace

downArrow

Solutions

downArrow

Resources

downArrow

Our Company

downArrow
Book a Demo
laptop
Logo
Responsive
Decorative line
← Back to Glossary

State Privacy Laws CCPA CPRA

United States

United States

1996

Privacy

Cybersecurity

Overview

The California Consumer Privacy Act (CCPA), passed in 2018 and effective January 2020, was the first comprehensive state-level privacy law in the U.S., granting California residents broad rights over their personal information. It requires businesses to provide transparency about data collection, use, and sharing, while giving consumers rights to access, delete, and opt out of the sale of their personal data.The California Privacy Rights Act (CPRA), adopted in 2020 and effective January 2023, amended and expanded the CCPA by introducing new rights, stricter obligations, and the creation of the California Privacy Protection Agency (CPPA) for dedicated enforcement. Together, these laws impact a wide range of industries, including technology companies, e-commerce, financial services, advertising/marketing firms, healthcare providers (when handling non-HIPAA data), and data brokers, setting a model that other U.S. states are following with similar privacy laws. Organizations must implement comprehensive data residency frameworks to ensure compliance with consumer rights requests, data processing transparency requirements, and secure handling of personal information across all business operations.

Key Obligations

  • Provide consumers with a privacy notice explaining data practices
  • Offer rights to access, correct, delete, and opt out of data sales/sharing
  • Respect the right to limit use of sensitive personal information (CPRA)
  • Implement reasonable security measures to protect personal data
  • Honor Global Privacy Control (GPC) browser signals as opt-out requests
  • Establish procedures to verify consumer identity before fulfilling requests
  • Avoid discrimination against consumers who exercise privacy rights

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Identity Verification

Use facial match and liveness checks paired with government ID verification to validate users while onboarding.

AML Screening

AML Screening

Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.

Transaction Monitoring

Transaction Monitoring

Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.

Related Regulations

Decorative icon
HIPAA PHI Privacy & Security

Decorative icon
GLBA Privacy Rule Regulation P

Decorative icon
Illinois BIPA Biometric Privacy Law

FAQ

Who must comply with CCPA/CPRA?

For-profit businesses operating in California that meet thresholds (e.g., $25M+ revenue, 100K+ consumers’ data, or derive 50%+ revenue from selling/sharing personal data).

What new rights did the CPRA add?

Rights to correct personal data, limit use of sensitive data, and expanded opt-out rights for cross-context behavioral advertising.

Who enforces the laws?

The California Privacy Protection Agency (CPPA) and the California Attorney General.

What industries are most impacted?

Tech platforms, e-commerce, financial services, insurers, advertisers, and data brokers with California users.